Thanks for the detailed explanation. The "-v" argument works fine.
Also, I'll study the SASL protocol for more details of it's usage.
I used to see the failed usernames in the past. Don't know when it
stopped. But this information is invaluable for identifying which of
our users are having login problems and knowing which connections to
block to our server.
-- L. James
--
L. D. James
lja...@apollo3.com
www.apollo3.com/~ljames
On 11/20/2016 11:32 AM, Wietse Venema wrote:
L. D. James:
There are a large number of authentication failures on my system. Is
there a debugging switch or configuration setting where I can set it to
show the userID that is failing? It shows the UserID that successfully
logs in.
SASL is a family of authentication protocols, implemented by a SASL
library (Cyrus SASL) or authentication server (Dovevot).
Postfix does not understand the SASL protocols. Any logging for
failed login details is up to the SASL library or the authentication
server.
Postfix has logged the following on behalf of the Cyrus SASL library:
Nov 20 03:33:06 ubuntuserver postfix/smtpd[25549]: warning: SASL
authentication failure: Password verification failed
where the "Password verification failed" was provided by the Cyrus
SASL library.
As you see, the library does not provide the login name as part of
the login failure message.
You may see more SASL-related logging by setting the smtpd -v command
line option in master.cf.
Wietse
